Since the hack, most of us are now familiar with Ashley Madison, the international dating website that connects married people who are looking to have an affair.
The site was hacked by a group that calls itself “the Impact Team”. Because of the website’s controversial nature, many people lack sympathy for those who subscribed to it and over the resultant hack. But if we look at the principles behind the hack and its implications for the business concerned, there are many points that we can all learn from. We probably should not be too quick to judge.
The Impact Team claims that it gained access to the site’s database and released 40MB of data, including user credit card details and company financial information. Of most interest to both the users of the site and people who are interested in cyber security is that the release was accompanied by a manifesto which threatened to release users’ personal information if the site was not shut down.
Just three months before the attack, Ashley Madison announced plans for an IPO with a view to raising $200 million on the LSE. Analysts have now suggested that Ashley Madison may scrap its plans for this share flotation. The timing of this hack is hardly a coincidence!
Similarly, Apple’s iCloud storage system was hacked last year and nude pictures of celebrities appeared online. Apple said that there were no breaches in their systems. But a recent Daily Mirror investigation found a 300% rise in reports of “victims being humiliated or threatened with intimate photos taken from iCloud” by hackers.
Whilst new legislation may deal with the after-effects of such hacks, what lessons have been learnt over the past year to reduce the likelihood of such attacks?
CYBER RISKS TO UK BUSINESSES
The attacks on Ashley Madison and Apple iCloud (to name but a few) serve as a warning to all businesses with an online presence. Cyber-attacks are becoming increasingly frequent and can cause a variety of losses to UK business, including:
Hackers are determined and motivated and will always work their way through your site, especially if they have a point to prove or the target of the attack is likely to “make” them, either financially or in terms of their reputation. But you can reduce the risk of an attack by following certain practices, for example:
Be aware that hacking exercises take place, on occasion, because of human error from within an organisation. Training for staff is key, as is keeping internal operational policies up to date.
KEEP UP TO DATE
Given the rate of change in technology, businesses should ensure that their hardware, software and knowledge of cyber security issues remain up to date.
PENETRATION TESTING AND CERTIFICATION SCHEMES
A simulated attack will show how vulnerable a target would be to a real attack, so do not be afraid to commission one. Also, the UK government has commissioned certain schemes which provide useful guidance on how to reduce vulnerability to online attacks, and there are often cost-effective methods that you can use to demonstrate the strength of your online security.